CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration

2024-04-25 15:58:18
CWE-117
redhat
github.com
3
cve-2023-6484
keycloak
log injection
webauthn
authentication

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

A log injection flaw was found in Keycloak. A text string submitted through the authentication form when using the WebAuthn authentication mode may be written into the logs unneutralized. This issue may have a minor impact on log integrity.

CNA Affected

[
  {
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "versions": [
      {
        "status": "unaffected",
        "version": "22.0.10-1",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rhbk/keycloak-operator-bundle",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "versions": [
      {
        "status": "unaffected",
        "version": "22-13",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rhbk/keycloak-rhel9",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "versions": [
      {
        "status": "unaffected",
        "version": "22-16",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rhbk/keycloak-rhel9-operator",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22.0.10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "packageName": "keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.12-1.redhat_00001.1.el7sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.13-1.redhat_00001.1.el7sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.12-1.redhat_00001.1.el8sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.13-1.redhat_00001.1.el8sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.12-1.redhat_00001.1.el9sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
    ],
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
    "versions": [
      {
        "status": "unaffected",
        "version": "0:18.0.13-1.redhat_00001.1.el9sso",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso7-keycloak",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ],
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.6-41",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso-7/sso76-openshift-rhel8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ],
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.6-46",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso-7/sso76-openshift-rhel8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ],
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.6-16",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso-7/sso7-rhel8-init-container",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ],
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.6-18",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso-7/sso7-rhel8-operator",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:rhosemc:1.0::el8"
    ],
    "vendor": "Red Hat",
    "product": "RHEL-8 based Middleware Containers",
    "versions": [
      {
        "status": "unaffected",
        "version": "7.6.8-2",
        "lessThan": "*",
        "versionType": "rpm"
      }
    ],
    "packageName": "rh-sso-7/sso7-rhel8-operator-bundle",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "defaultStatus": "affected"
  },
  {
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7.6"
    ],
    "vendor": "Red Hat",
    "product": "RHSSO 7.6.8",
    "packageName": "keycloak-rhel9-operator-bundle-container",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected"
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.1

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial